Security issues when using a VPS to trade? - page 3

At the end of the day, a broker could choose (legitimately or not) to front-run or back-run your orders, hence having the same effect as stealing your ex4. In other words, if you have a successful strategy which trades with them, then they could choose to buy when you buy and sell when you sell.

For me I'm not too concerned about VPS security. You could possibly code a check into your EA which only works with your account number. That way at least someone would need to decompile the EA. It's all quite a bit of work for someone stealing your EA unless they know it is worth it.

Just my 2p worth!

There are websites that will decompile an ex4 for you . . no work at all, just a small amount of cash.

I've tried a handful of decrypt/decompile tools, but none of them were able to do the job with my encrypted EA by Guardian.
There's never a guarantee that a hosted EA is 100% safe, but if there are ways to make it harder to steal my code/use my EA, I use them.

What does the VPS provider have to gain from stealing code? Is the EA making so much that it's worth risking the entire company over? Seems they have a lot more to lose and is not a good way to stay in business very long. So I suppose the answer is look for an established provider that is well known by traders to be upstanding, responsible and trustworthy.

Full disclosure: I own CNS

I agree with your risk/reward explanation, when a company(!) is stealing & exploiting an EA, simply because of the risk that only one employee with conscience objections is sufficient to blow things up.
But what about a system admin, who has access to all hosted servers? He/she can copy an EA to an USB stick in matter of seconds. Who can guarantee that this scenario is impossible?

I can't speak for all hosting companies but...

Not likely to go unnoticed. When employees access servers it is in response to either a support ticket or abuse. There is no one magic password to login to every subscriber's server. Everyone is different. And so the tech would need to access the subscribers account record (usually subsequent to a support ticket) to obtain the support password and from there enter the VM. It's all logged – and reviewed with other security related reports - and any abnormality would easily stick out like a sore thumb. The support password is unique to each VM and changes randomly.

All our employees go through thorough background checks – even the coders that never actually login to a subscriber's server. There are even measures in place to prevent say a kidnapping and subsequent data breach.

This kind of stuff is very serious here.

Insightful post, thanks for sharing this. It's interesting to get a glimpse of what happens on the other side of the line.

What about encrypted wrapper around executable?

MT4 runs inside encrypted shell and grabs your EAs from a virtual network location, which is also encrypted.

Or am I just being paranoid?

Well, I don't think hosting provider will steal information from your VPS. Usually they know nothing about MT and it's specifics :) They just provide VPS with preinstalled MT, but it's useless to ask them about EA, they even don't know what it is :) I've tried this with several hosts. My current one (fozzy.com) claims that if I change password to VPS, they will not have access to it. I've checked this by asking them to change something inside VPS, and they asked me for an access to it, so seems to be true. Just change password to your own. The real problem I suggest is in Trojans. They can steal ftp passwords, so maybe RDP pass as well. Not sure about it, but I'm using Guardian, that makes me feel safe. So nice that it's free for use!

PamHamlett register this June, and this is PamHamlett's first ever post. Sound fishy.